Hi @Bryan Bende I have a new issue when I tried to login Initial Admin Identity by using username and password. In previous test, I successfully made the client cert login work. I have an principle "admin@NIFI.COM" in kerberos, and "admin@NIFI.COM" as Initial Admin in authorizers.xml When I login as "admin", the user log shows: 2017-09-28 14:27:06,112 INFO [NiFi Web Server-120] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin@NIFI.COM 2017-09-28 14:32:13,193 ERROR [NiFi Web Server-19] o.a.nifi.web.security.jwt.JwtService There was an error validating the JWT io.jsonwebtoken.JwtException: Unable to validate the access token. Caused by: io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. When the nifi cluster is up, I can login in as "admin". After logout, and login again, NiFi gives me above error. Is it caused by the browser cache the token? Thanks. ... View more

Hi @Arti Wadhwani, Could we use username/password of the principle created in Kerberos to login? Since I don't have kinit in nifi node. Thanks. ... View more

Hi @Bryan Bende, I deleted my previous replies since it's misleading. Let me restate the current issue clearly. The reason I saw below error "Unknown user with identity 'alvin@NIFI.COM'. Contact the system administrator." is due to I login Initial Admin account to add user "CN=alvin, OU=NIFI.COM" in NiFi web. The correct way is to add 'alvin@NIFI.COM' and set its policy. After that my issue is gone. Thanks. ... View more

Hi @Bryan Bende, It seems the authentication works now. But I have issue with authorization. I used the file-based authorization approach. After I type username and password, it says "Unknown user with identity 'alvin@NIFI.COM'. Contact the system administrator." instead of prompting out "Justification" page. Any idea? Thanks. 2017-09-08 19:48:33,294 INFO [NiFi Web Server-29] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for alvin@NIFI.COM 2017-09-08 19:48:33,295 INFO [NiFi Web Server-29] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[alvin@NIFI.COM], groups[none] does not have permission to access the requested resource. Unknown user with identity 'alvin@NIFI.COM'. Returning Forbidden response. 2017-09-08 19:48:33,295 DEBUG [NiFi Web Server-29] o.a.n.w.a.c.AccessDeniedExceptionMapper org.apache.nifi.authorization.AccessDeniedException: Unknown user with identity 'alvin@NIFI.COM'. at org.apache.nifi.web.api.FlowResource.authorizeFlow(FlowResource.java:230) at org.apache.nifi.web.api.FlowResource.getCurrentUser(FlowResource.java:316) ... View more

Hi @Bryan Bende, Thank you for this tutorial. Very helpful. May I ask do we need to also set up below properties in a cluster mode? nifi.kerberos.service.principal nifi.kerberos.service.keytab.location Is kerberos.service and kerberos.spnego one or another? Or both must be set? Since I saw some examples set up kerberos.service rather than kerberos.spnego, e.g. https://community.hortonworks.com/articles/34147/nifi-security-user-authentication-with-kerberos.html Thanks. ... View more

Thanks @smanjee Good job! I am looking forward Part II ... View more

Hi @Greg Keys, Thank you for this document. May I ask if I would like to search for datetime type(YYY-MM-DD HH:MM:SS) in a row and convert it to unix timestamp type. Any idea on it? Thanks. ... View more